A bill in the Texas House seeks to limit employers’ ability to require that applicants and employees provide access to their private email and social media accounts.

House Bill 318, filed by State Rep. Helen Giddings, D-DeSoto, puts the Legislature in front of a workplace privacy issue that grabbed national headlines in 2012.

Giddings’ bill would prohibit employers from requesting usernames and passwords of certain employees and job applicants for personal email accounts and social media websites such as Facebook, Twitter or Instagram. Company-provided email accounts would not be affected.

Some industries, however, oppose the measure and argue that there’s a point where concerns about consumer protection and employers’ needs converge to make monitoring employees’ personal email and social media accounts necessary. And they argue that they should be exempt from the bill’s restrictions.

Advocates of measures such as HB 318 said they can protect employers from themselves. Emails can contain information, such as health-related matters protected by the Health Insurance Portability and Accountability Act, which an employer viewing would constitute breaking federal law. Possession of similar information may also make it more difficult for employers to defend themselves against claims of employment discrimination.

“Employers are getting passwords, going into accounts and putting themselves at risk by obtaining illegal information,” Giddings said. “This is an anti-litigation bill. It seeks to protect both employers and employees.”

Most companies that include social media postings in their hiring decisions consider only what they can access through online searches rather than by using candidates’ usernames and passwords, said Liz Hocker, managing director of human resources services at consulting company Vcfo Inc. Still, it’s a risky hiring practice that presents potential legal pitfalls, and Giddings’ bill, if passed, would make employers evaluate how they use social media in their hiring processes. If the bill passes, Texas will join California, Delaware, Illinois, Maryland, Michigan and New Jersey, which have enacted similar laws.

Facebook Inc. entered the argument as bills were considered in those states. It issued a warning statement to employers: “We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action.”

Facebook declined to comment on Giddings’ proposal.

Access presents gray area

The bill would allow an employer to read personal accounts of employees who access those accounts through employer-provided equipment or for purposes related to the employer’s business. It stipulates, however, that a written agreement in which employees acknowledge their employers’ rights to access such accounts be executed.

Others argue that using company property doesn’t change the principles at stake.

“Emails and texts should be valued as handwritten notes,” said State Rep. Dwayne Bohac, R-Houston, at the committee meeting. “Even if you are provided a phone, we should err on the side of privacy, liberty and freedom. An employer shouldn’t have access to a Gmail account.”

Others, meanwhile, suggest that Giddings’ bill may not be as big a deal as the heated reactions to it would indicate.

For example, monitoring employees’ social media and email may not prevent other avenues for leaking trade secrets, said Paul Stanfield, a partner at Stanfield Hiserodt PLLC, which focuses on legal issues relating to technology-based companies. Companies may be better off ensuring employees sign nondisclosure agreements.

Facebook statement on employee privacy
The following is an excerpt from a statement issued March 2012 by Facebook Inc. Chief Privacy Officer Erin Egan:
‘We’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability. …
As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.
We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.), that employer may open themselves up to claims of discrimination if they don’t hire that person.
Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t — and actually, even if they do — the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime).’

Comments

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.